On 22.09.2016 07:17, RjOllos wrote:
Based on what you said, I considered if we could detect re-entrancy by
passing the policy to the permission cache when doing a
PermissionCache.has_permission check inside of
PermissionCache.check_permission:
https://trac.edgewall.org/ticket/12597
Replied in ticket.
I also posted modifications to SignedTickets, but I don't expect they
will fix this "interaction" issue:
https://trac.edgewall.org/wiki/CookBook/Configuration/SignedTickets?version=9
>>> - 'TICKET_ADMIN' in perm:
>>> + any(a in perm for a in self.admin_actions):
This change seems unnecessary and maybe even more problematic than before.
Unnecessary because TRAC_ADMIN implies TICKET_ADMIN anyway, so there's
no need to check for TRAC_ADMIN explicitly. (But there may be more
subtle details I'm missing.)
Problematic because checking more permissions leads to more potentially
problematic interactions (and possible mutual recursion) with other
policies.
Peter
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.
